Skip to main content

💼 SA-10 DEVELOPER CONFIGURATION MANAGEMENT

Description​

The organization requires the developer of the information system, system component, or information system service to: SA-10a. Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation]; SA-10b. Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; SA-10c. Implement only organization-approved changes to the system, component, or service; SA-10d. Document approved changes to the system, component, or service and the potential security impacts of such changes; and SA-10e. Track security flaws and flaw resolution within the system, component, or service and report findings to [Assignment: organization-defined personnel].

Similar​

  • Internal
    • ID: dec-c-aa4bca84

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
💼 NIST CSF v1.1 → 💼 PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)426
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented69
💼 NIST CSF v1.1 → 💼 PR.IP-3: Configuration change control processes are in place55

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
💼 SA-10 (1) SOFTWARE _ FIRMWARE INTEGRITY VERIFICATION
💼 SA-10 (2) ALTERNATIVE CONFIGURATION MANAGEMENT PROCESSES
💼 SA-10 (3) HARDWARE INTEGRITY VERIFICATION
💼 SA-10 (4) TRUSTED GENERATION
💼 SA-10 (5) MAPPING INTEGRITY FOR VERSION CONTROL
💼 SA-10 (6) TRUSTED DISTRIBUTION